Legal · Privacy Policy
Privacy Policy
This document tells you what personal information we collect, why we collect it, how we use and protect it, and what rights you hold over it. We have written it to be read, not archived. If something is unclear, contact us.
Version 1.1
Contents
Who We Are
0.01 operates a private members club with locations in Milan, Italy and London, United Kingdom.
Contact: contact@001-club.com
We are the data controller for all personal information processed under this Policy. Where we engage third parties to process data on our behalf, they act as data processors under written agreements that impose equivalent obligations.
Scope
This Policy applies to:
- Applicants — individuals who have submitted an application or been nominated for membership.
- Pre-Launch Members — individuals who have signed a membership agreement before the Club's operational launch date, where payment obligations are suspended pending launch.
- Members — individuals holding an active membership, including Founding Members.
- Former members — individuals whose membership has ended but whose data we retain for legal or legitimate purposes.
- Guests — individuals introduced to the Club by a member.
- Contacts — individuals who correspond with us without becoming members.
It covers data collected through our website, our members' area (001-club.com/inside), direct correspondence with your concierge, in-app activity, telephone communication, and during any Club-organised event or service.
The Data We Collect
We collect only what is necessary for the purpose stated. We do not collect data speculatively.
Identity and Contact Data
Full legal name, date of birth, nationality, email address, telephone number, postal address, and government-issued identity document where required for identity verification.
Membership and Account Data
Membership tier, joining date, membership number, credit balance, top-up history, transaction records, booking history, reservation details, service preferences, and communications with your concierge. Account login credentials are stored in hashed form — we cannot retrieve your password.
Nomination and Referral Data
The name of the member who nominated you (with their consent), any supporting information provided as part of your application, and the outcome of the admissions review.
Financial Data
Payment card details are tokenised — we hold a token issued by our payment processor and do not store full card numbers or CVV codes. We also hold billing address, transaction amounts, dates, identifiers, and refund records. During the pre-launch period, no financial data is collected from Pre-Launch Members as no payment is required.
Technical and Usage Data
IP address, browser type, device identifiers, session data and access logs for the members' area and website, pages visited, features used, and time and duration of sessions.
Preferences and Communications
Dining, travel, and lifestyle preferences you share with us; communication preferences; feedback and survey responses.
Special Category Data
We do not intentionally collect special category data (health, religion, political opinion, etc.) as defined under Article 9 GDPR. If you choose to share dietary requirements or accessibility needs to enable us to serve you better, we treat this information with the highest level of protection, use it only for the purpose for which it was given, and delete it when no longer needed.
Legal Bases for Processing
We only process your personal data where we have a lawful basis under Article 6 GDPR (and its UK equivalent).
| Purpose | Legal basis |
|---|---|
| Administering your membership agreement (including pre-launch) | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and credit transactions | Performance of a contract (Art. 6(1)(b)) |
| Communicating with you about your membership and bookings | Performance of a contract (Art. 6(1)(b)) |
| Holding your application data pending launch | Legitimate interests (Art. 6(1)(f)) |
| Complying with anti-money laundering regulations | Legal obligation (Art. 6(1)(c)) |
| Retaining records required by tax and accounting law | Legal obligation (Art. 6(1)(c)) |
| Preventing fraud and securing the members' area | Legitimate interests (Art. 6(1)(f)) |
| Improving our services and developing new offerings | Legitimate interests (Art. 6(1)(f)) |
| Sending marketing communications | Consent (Art. 6(1)(a)) — where separately obtained |
Where we rely on legitimate interests, we have assessed those interests against your rights and freedoms. You may request a copy of that assessment. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
Pre-Launch Data Processing
During the period between signature of a membership agreement and the Club's operational launch, we hold your personal data under the performance of contract basis (Art. 6(1)(b)). This covers:
- Storing your signed membership agreement and application data
- Communicating with you about launch progress, timelines, and any updates to your membership terms
- Notifying you when the launch trigger has been reached and payment is due
We do not use pre-launch member data for any commercial purpose beyond administering your membership agreement. We do not share it with third parties except as required to hold and manage the agreement itself.
If the Club does not launch and your agreement is dissolved, we will delete or anonymise your personal data within 30 days of that dissolution, retaining only what applicable law requires.
How We Use Your Data
We use your data to operate your membership, fulfil your bookings, communicate with you, maintain safety and discretion, improve our services, and meet legal obligations. We do not use your data for automated decision-making that produces legal or similarly significant effects on you. Admissions decisions involve human review; they are not automated.
Who We Share Your Data With
We share your data only where necessary and under appropriate safeguards. We do not sell, rent, or trade your personal data. We do not share it with third parties for their marketing purposes.
Service providers (processors): Payment processing, cloud infrastructure, email delivery, and identity verification providers — each under written data processing agreements.
Partner venues and service providers: Where your booking requires coordination with a restaurant, hotel, or event organiser, we share only the minimum information they need to fulfil the booking.
Legal and regulatory: We may disclose data to courts, regulators, or law enforcement in Italy or the UK where legally required. We will notify you where permitted by law.
International Transfers
If your data is transferred outside the EEA or UK, we ensure equivalent protections through Standard Contractual Clauses (SCCs) approved by the European Commission, UK International Data Transfer Agreements (IDTAs), or adequacy decisions where applicable.
How Long We Keep Your Data
| Category | Retention period |
|---|---|
| Active membership data | Duration of membership + 7 years |
| Pre-launch membership agreement data | Until launch + treated as active membership data thereafter; or 30 days after dissolution if Club does not launch |
| Financial transaction records | 7 years from transaction (Italy) / 6 years (UK) |
| Booking records | 3 years from completion |
| Application data (unsuccessful) | 12 months from decision |
| Marketing consent records | Duration of consent + 3 years |
| Account login and access logs | 12 months rolling |
| Correspondence with concierge | Duration of membership + 3 years |
When you cancel your membership, we return your unused credit balance, delete or anonymise the data we are not legally required to keep, and retain only what the law demands.
Cookies
The members' area uses cookies. Strictly necessary cookies are set automatically. Analytics cookies require your consent. No advertising or tracking cookies are used. Full details are in our Cookie Policy.
Security
We apply encryption in transit (TLS) and at rest, PCI-DSS-compliant payment processing, role-limited staff access, and regular security reviews. If we become aware of a breach likely to affect your rights, we will notify the competent supervisory authority within 72 hours and notify you directly without undue delay.
Your Rights
Under EU GDPR and UK GDPR you have the following rights. We will respond within one calendar month.
- Right of access — request a copy of your data and how we use it.
- Right to rectification — ask us to correct inaccurate or incomplete data.
- Right to erasure — ask us to delete your data where there is no longer a lawful basis to hold it. Some data must be retained for legal reasons; we will explain clearly what we can and cannot delete.
- Right to restriction — ask us to pause processing in certain circumstances.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent, withdraw it at any time.
To exercise any right, contact contact@001-club.com. We do not charge a fee for legitimate requests.
Supervisory Authorities
Italy (EU GDPR): Garante per la protezione dei dati personali — garante.gov.it
United Kingdom (UK GDPR): Information Commissioner's Office — ico.org.uk
We would appreciate the opportunity to address your concern directly before you escalate.
Children
0.01 membership requires the applicant to be at least 18 years of age. We do not knowingly collect data from individuals under 18.